Searching in Data Privacy & Cybersecurity · Search everything
702 changes Data Privacy & Cybersecurity
ICO Fines Reddit for UK GDPR Violations
The UK's Information Commissioner's Office (ICO) has fined Reddit, Inc. £14.4 million for violating UK GDPR. The penalty stems from failures in age assurance mechanisms and data protection impact assessments, which unlawfully processed children's data and potentially exposed them to harmful content.
TriZetto Provider Solutions Data Breach Notification
TriZetto Provider Solutions is notifying individuals about a data breach and offering identity monitoring services. The notice provides instructions for enrollment, steps to protect personal information, and contact information for relevant agencies.
Hingham Municipal Lighting Plant Data Breach Notification
The Hingham Municipal Lighting Plant has issued a data breach notification letter to affected individuals. The incident involved the exposure of personal information, including names, Social Security numbers, and driver's license numbers. Affected individuals are offered two years of complimentary identity protection services.
Massachusetts General Hospital Data Breach Notification
Massachusetts General Hospital (MGH) issued a data breach notification on February 25, 2026, regarding an incident where Protected Health Information (PHI) was inadvertently sent to the incorrect patient. The breach involved names, dates of birth, social security numbers, and diagnoses. MGH is offering 24 months of free credit monitoring and identity theft protection services.
TriZetto Data Breach Notification Letter
TriZetto Provider Solutions is notifying individuals of a cybersecurity incident that may have involved protected health information. The incident, discovered on October 2, 2025, potentially exposed patient names, addresses, dates of birth, and in some cases, Social Security numbers. TriZetto is offering identity protection services to affected individuals.
Worcester State University Data Breach Notification
Worcester State University issued a data breach notification letter on February 25, 2026, detailing a breach that exposed personal information of students and staff from January 24 to February 2, 2026. The university has updated its policies to prevent future incidents and is providing guidance on security freezes.
GDPR Article 25: Data Protection by Design and Default Factors
This analysis discusses the implementation of GDPR Article 25, focusing on data protection by design and by default. It highlights the importance of continuously assessing state of the art, cost of implementation, processing context, and risks to individuals, especially with the rise of AI.
AI Standards, Regulations, and Enforcement Efforts Discussed
Global jurisdictions are discussing policies for responsible AI development and use, but the pace of AI innovation is outpacing regulation. Stakeholders at the AI Standards Hub Global Summit 2026 highlighted the importance of technical standards and assurance systems in guiding compliance amidst evolving regulatory frameworks like the EU AI Act and a patchwork of US state laws.
ICO Decision Notice: House of Commons FOI Complaint
The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a complaint against the House of Commons. The ICO found that the House of Commons correctly relied on Section 40(2) of the Freedom of Information Act to withhold information related to role upgrades, deeming it third-party personal data.
ICO Decision Notice: FOI exemption for parking machine data upheld
The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a Freedom of Information (FOI) complaint against East Riding of Yorkshire Council. The ICO found that the council correctly applied the law enforcement exemption (FOI 31(1)(a)) to withhold parking machine data, and the public interest favors maintaining this exemption.
ICO rules Council FOI request not vexatious, orders fresh response
The UK's Information Commissioner's Office (ICO) has ruled that Westmorland and Furness Council wrongly claimed a Freedom of Information (FOI) request regarding an external consultant report was vexatious. The ICO has ordered the Council to issue a fresh response within 30 days.
ICO Decision: St. Werburgh’s C. E. Primary School FOI Complaint Upheld
The Information Commissioner's Office (ICO) has upheld a complaint against St. Werburgh’s C. E. Primary School for failing to respond to a Freedom of Information request within the statutory 20 working days. The school is now required to provide a response within 30 calendar days.
Rotherham Council Failed FOI Request Response Time
The ICO has issued a decision notice against Rotherham Metropolitan Borough Council for failing to respond to a Freedom of Information (FOI) request within the statutory 20 working days. The Council is now required to provide a response within 30 calendar days.
ICO Decision Notice: Cabinet Office FOI Refusal Upheld
The UK's Information Commissioner's Office (ICO) has upheld the Cabinet Office's refusal to confirm or deny holding records related to the potential proscription of Palestine Action. This decision relates to a Freedom of Information request and the application of section 35(3) of FOIA concerning ministerial communications.
ICO Decision Notice: Kensington and Chelsea FOI Breach
The UK's Information Commissioner's Office (ICO) issued a decision notice against the Royal Borough of Kensington and Chelsea for breaching Section 10 of the Freedom of Information Act. The authority failed to respond to a request for information within the statutory 20 working days.
Home Office ordered to reply to FOI request
The ICO has ordered the Home Office to respond to a Freedom of Information (FOI) request that was not answered within the statutory 20-day period. The Home Office must now provide a response to the complainant within 30 calendar days.
ICO Decision: NHS Trust failed to respond to FOI request
The ICO has issued a decision notice finding that Guy's and St Thomas' NHS Foundation Trust failed to respond to a Freedom of Information (FOI) request within the statutory 20-working day period. The Trust is required to provide a substantive response to the request.
ICO Decision: Sheffield City Council breached EIR on Montague Street closure request
The UK's Information Commissioner's Office (ICO) has ruled that Sheffield City Council breached Environmental Information Regulations (EIR) by failing to respond to a request about the Montague Street closure. The Council is required to provide a substantive response to the complainant.
AEPD Resolution on GDPR Rights Procedure
The Spanish Data Protection Agency (AEPD) has issued a resolution regarding a procedure for handling GDPR rights. The resolution addresses a complaint where a data subject exercised their right of access, and the respondent failed to provide a legally established response within the stipulated timeframe. This action initiates a formal procedure against the respondent for non-compliance.
AEPD Spain: GDPR Fine of €4M for Data Information Failure
The Spanish Data Protection Agency (AEPD) has issued a €4 million fine to SERVICIOS INMOBILIARIOS Y GESTIÓN RCL-MADRID, S.L. for failing to provide requested information during an investigation. This action stems from a complaint regarding potential GDPR violations.
Grayback Forestry Data Breach Notice to Consumers
The Vermont Attorney General's office has published a data breach notice from Grayback Forestry to consumers. This notice informs consumers about a security incident that may have compromised their personal information.
Hypertherm Data Breach Notice to Consumers
The Vermont Attorney General's Office has published a data breach notice from Hypertherm to consumers. This notice informs consumers about a data security incident that may have impacted their personal information. The document serves as an official notification regarding the breach.
Philadelphia Corporation for Aging Data Breach Notice
The Vermont Attorney General's Office has published a data breach notice concerning the Philadelphia Corporation for Aging. This notice informs consumers about a data security incident that may have affected their personal information.
Trinity Health Data Breach Notice to Consumers
The Vermont Attorney General's office has published a data breach notice from Trinity Health to consumers. This notice informs consumers about a data security incident affecting their personal information.
Shambhala USA Data Breach Notice to Consumers
The Vermont Attorney General's Office has published a data breach notice from Shambhala USA, dba Karme Choling, to consumers. The notice informs consumers about a data security incident that may have compromised personal information.
North Country Business Products Data Security Incident Notification
North Country Business Products is notifying the North Dakota Attorney General's office of a data security incident affecting an undetermined number of North Dakota residents. The incident involved malware deployed to business partners' restaurants, potentially exposing credit and debit card information.
CHS Inc. Data Breach Notification
CHS Inc. notified the North Dakota Attorney General's office of an inadvertent disclosure of personal information of North Dakota residents on March 11, 2019. The disclosure involved employee and dependent data sent to a vendor via email, which was promptly deleted and confirmed as not accessed.
North Dakota Data Breach Notification - ShareThis
ShareThis, Inc. has notified the North Dakota Attorney General of a data security incident that may have affected personal information of North Dakota residents. The incident, believed to have occurred in July 2018, may have exposed names, email addresses, hashed passwords, and birth dates. ShareThis is providing notice to affected individuals and offering guidance on identity theft protection.
TEMPTU Inc. Data Breach Notification for North Dakota Residents
TEMPTU Inc. has notified the North Dakota Attorney General of a data security incident affecting two residents. The breach, discovered on December 18, 2018, potentially exposed credit card numbers and names of individuals who used their cards on TEMPTU's website between November 1 and November 21, 2018.
Prosper Marketplace Data Breach Notification
The NJCCIC has issued a notice regarding a data breach at Prosper Marketplace, Inc., a fintech company. The breach, which occurred between June and August 2025, compromised sensitive personal information including SSNs and bank details for impacted individuals. Affected individuals are advised to review identity theft resources.
Monroe University Data Breach Affects 320,000 Individuals
Monroe University disclosed a data breach affecting over 320,000 individuals, with personal, financial, and health information acquired by threat actors. The university has begun notifying affected individuals, and the NJCCIC recommends reviewing guidance on compromised PII.
Sax LLP Data Breach Impacts 228,000 Individuals
Sax LLP, a financial services firm, disclosed a data breach affecting over 228,000 individuals nationwide. The breach, identified in August 2024, compromised personal information including names, dates of birth, and Social Security numbers. Affected individuals are being notified.
Decisely Insurance Data Breach Compromised PII, SSN
Decisely Insurance reported a data breach in June 2025 that may have compromised personal information, including PII and SSNs. The NJCCIC advises affected individuals to review guidance on identity theft and compromised PII.
700Credit Data Breach Exposes PII and SSN
700Credit disclosed a data breach affecting its 700Dealer.com application, exposing PII and Social Security numbers. The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) advises affected individuals to review guidance on identity theft and compromised PII.
Iowa Security Breach Notifications - 2023
The Iowa Attorney General's office has published a list of security breach notifications reported in 2023. This notice serves as a public record of incidents affecting Iowans, providing details on the organizations involved and the dates of reported breaches.
Iowa Security Breach Notifications - 2024
The Iowa Attorney General's office has published a list of 64 security breach notifications reported in 2024. This notice serves as a public record of organizations that have experienced data breaches and reported them to the state.
Iowa Attorney General 2022 Security Breach Notifications
The Iowa Attorney General's office has published its 2022 list of security breach notifications. The data indicates 32 breaches occurred, resulting in the compromise of approximately 2.6 million records. This notice serves as a public record of these incidents.
Iowa Security Breach Notifications - 2025
The Iowa Attorney General's office has published its list of security breach notifications for 2025. This notice provides a public record of organizations that have reported data breaches affecting Iowa residents, including links to official notification documents.
Iowa Security Breach Notifications - 2026
The Iowa Attorney General's office has published a list of six data breaches reported in early 2026. These notifications are part of the state's ongoing consumer protection efforts regarding security incidents.
EU Officials Discuss Digital Rulebook Simplification and Regulatory Interplay
EU officials discussed ongoing efforts to simplify the bloc's digital rulebook and the critical role of regulatory interplay. The European Data Protection Board workshop highlighted how regulations like the GDPR, DMA, and DSA must work together seamlessly for consistent enforcement and clarity.
ICO Enforcement Action Against North Tees NHS Trust
The UK's Information Commissioner's Office (ICO) has issued an enforcement notice against North Tees and Hartlepool NHS Foundation Trust. This action follows an investigation into a data breach, with the ICO mandating specific corrective actions.
Cumbria Constabulary Information Notice
The Information Commissioner's Office (ICO) has issued an information notice to the Chief Constable of Cumbria Constabulary. This notice requires the Constabulary to provide specific information related to an ongoing investigation.
Data Theft Conviction: Munro and Chipoma Sentenced
The ICO has announced the sentencing of Christopher Munro and William Chipoma for data theft and sale, involving over 400 UK garages. Both individuals received suspended prison sentences and community service after pleading guilty to offenses under the Computer Misuse Act and Data Protection Act 1998.
Calderdale Council Information Notice
The ICO has issued an information notice to Calderdale Council regarding a data protection matter. This notice is part of the ICO's enforcement activities in the local government sector.
City of London Police Reprimanded for Data Protection Failures
The UK's Information Commissioner's Office (ICO) has issued a reprimand to the Commissioner of Police for the City of London for failing to respond to Subject Access Requests (SARs) within statutory timeframes. This action highlights data protection obligations for law enforcement agencies.
BfDI Welcomes EDPB GDPR Guidelines on Legitimate Interest
The European Data Protection Board (EDPB) has released draft guidelines on the processing of personal data based on legitimate interest under GDPR. The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) welcomes the initiative to provide greater legal certainty. The guidelines are now open for public consultation.
Global Privacy Assembly Adopts Resolution on Trustworthy International Data Traffic
The Global Privacy Assembly (GPA) adopted a resolution on trustworthy international data traffic, also known as Data Free Flow with Trust (DFFT). Initiated by the German delegation, the resolution provides core data protection elements to guide legal frameworks and transfer instruments for secure data transfers.
PCPD Releases AI Storybook for Primary Students
The Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong has published a new Chinese storybook titled “Adventure in the AI Labyrinth” for primary school students. This initiative aims to educate young students on the proper use of artificial intelligence and the importance of personal data privacy protection.
ICO Decision Notice: Mid Sussex District Council - EIR Request
The ICO found that Mid Sussex District Council correctly applied exemptions to an EIR request regarding a poisoning allegation investigation. However, the council breached the 20-working-day response time. No further steps are required from the council.
ICO Decision Notice: Council Failed to Respond to FOI Request
The Information Commissioner's Office (ICO) issued a decision notice against South Gloucestershire Council for failing to respond to a Freedom of Information (FOI) request within the statutory 20-day period. The ICO requires the council to respond to the complainant within 30 calendar days.